015 package com.liferay.portal.security.pacl;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.security.lang.PortalSecurityManagerThreadLocal;
020 import com.liferay.portal.service.persistence.GroupPersistenceImpl;
021 import com.liferay.portal.service.persistence.UserPersistenceImpl;
022
023 import java.lang.reflect.InvocationHandler;
024 import java.lang.reflect.InvocationTargetException;
025 import java.lang.reflect.Method;
026
027
/**
 * Invocation handler that sits in front of a bean and gates each call on the
 * PACL policy returned by {@code PACLClassUtil.getPACLPolicy}.
 *
 * <p>
 * A call is forwarded to the wrapped bean without a policy check when PACL is
 * inactive, when no policy is returned, or when the method is
 * {@code Object#toString}. {@code Object#equals} is answered by identity on
 * the proxy and never reaches the bean. Every other call must pass
 * {@code PACLPolicy#hasPortalService} or a {@link SecurityException} is
 * thrown.
 * </p>
 */
public class PACLBeanHandler implements InvocationHandler {

    /**
     * Creates a handler around the given bean.
     *
     * @param bean the target that approved calls are forwarded to
     */
    public PACLBeanHandler(Object bean) {
        if (_log.isDebugEnabled()) {
            _log.debug("Creating handler for " + bean);
        }

        _bean = bean;
    }

    /**
     * Returns the wrapped bean itself, not a proxy.
     *
     * <p>
     * NOTE(review): calls made directly on the returned object do not pass
     * through {@link #doInvoke}, so none of the policy checks apply to them.
     * Confirm that only trusted code can reach this handler instance.
     * </p>
     *
     * @return the wrapped bean
     */
    public Object getBean() {
        return _bean;
    }

    /**
     * Delegates to {@link #doInvoke} and unwraps reflective failures so the
     * caller sees the exception thrown by the bean rather than the
     * {@link InvocationTargetException} wrapper.
     *
     * @param  proxy the proxy instance the method was called on
     * @param  method the method being called
     * @param  arguments the call arguments
     * @return the value returned by the bean, or the result of the identity
     *         comparison for {@code equals}
     * @throws Throwable the bean's own exception, or a
     *         {@link SecurityException} when the policy denies the call
     */
    @Override
    public Object invoke(Object proxy, Method method, Object[] arguments)
        throws Throwable {

        try {
            return doInvoke(proxy, method, arguments);
        }
        catch (InvocationTargetException ite) {
            throw ite.getTargetException();
        }
    }

    /**
     * Applies the PACL decision for one call and forwards it when allowed.
     *
     * @param  proxy the proxy instance the method was called on
     * @param  method the method being called
     * @param  arguments the call arguments
     * @return the value returned by the bean, or the result of the identity
     *         comparison for {@code equals}
     * @throws Throwable if the reflective call fails, or a
     *         {@link SecurityException} when the policy denies the call
     */
    protected Object doInvoke(Object proxy, Method method, Object[] arguments)
        throws Throwable {

        // Verbose tracing is limited to the group and user persistence beans,
        // and only when debug logging is enabled.

        boolean debug = false;

        if (_log.isDebugEnabled()) {
            String beanClassName = _bean.getClass().getName();

            boolean tracedBean =
                beanClassName.equals(GroupPersistenceImpl.class.getName()) ||
                beanClassName.equals(UserPersistenceImpl.class.getName());

            if (tracedBean) {
                debug = true;

                _log.debug(
                    "Intercepting " + beanClassName + "#" + method.getName());
            }
        }

        // equals and toString declared on Object are answered before any
        // policy lookup. Other Object methods fall through to the checks
        // below.

        if (method.getDeclaringClass() == Object.class) {
            String objectMethodName = method.getName();

            if (objectMethodName.equals("equals")) {

                // Identity on the proxy, not on the wrapped bean

                return proxy == arguments[0];
            }

            if (objectMethodName.equals("toString")) {
                return method.invoke(_bean, arguments);
            }
        }

        // Fail-open path: with PACL inactive nothing is checked

        if (!PACLPolicyManager.isActive()) {
            return method.invoke(_bean, arguments);
        }

        PACLPolicy paclPolicy = PACLClassUtil.getPACLPolicy(false, debug);

        if (debug && (paclPolicy != null)) {
            _log.debug(
                "Retrieved PACL policy for " +
                    paclPolicy.getServletContextName());
        }

        // Fail-open path: no policy means the call is forwarded unchecked.
        // NOTE(review): presumably a null policy identifies portal code rather
        // than a sandboxed plugin. Confirm against PACLClassUtil.

        if (paclPolicy == null) {
            return method.invoke(_bean, arguments);
        }

        if (!paclPolicy.hasPortalService(_bean, method, arguments)) {
            throw new SecurityException("Attempted to invoke " + method);
        }

        // Remember the thread's current SQL check flag so the finally block
        // can put it back however the call ends.

        boolean previousCheckSQL =
            PortalSecurityManagerThreadLocal.isCheckSQL();

        try {
            Class<?> beanClass = _bean.getClass();

            if (paclPolicy.getClassLoader() !=
                    PACLClassLoaderUtil.getClassLoader(beanClass)) {

                // SQL checking is switched off for the duration of a call
                // into a bean loaded by a different class loader than the
                // policy's. NOTE(review): presumably because the service call
                // was already approved by hasPortalService above. Confirm
                // that nothing reachable from the bean relies on the SQL
                // check for its own enforcement.

                PortalSecurityManagerThreadLocal.setCheckSQL(false);
            }

            return method.invoke(_bean, arguments);
        }
        finally {
            PortalSecurityManagerThreadLocal.setCheckSQL(previousCheckSQL);
        }
    }

    private static final Log _log = LogFactoryUtil.getLog(
        PACLBeanHandler.class);

    // Target of every forwarded call; assigned once in the constructor
    private final Object _bean;

}